|
 FREE ISSUE: Hacking Instant MassengerAnatomy of Malicious PDF DocumentsDidier Stevens The increased prevalence of malicious Portable Document Format (PDF) files has generated interest in techniques to perform malware analysis of such documents. Metasploit Alternate Uses for a Penetration TestStephen Argent The Metasploit Framework is a program and subproject developed by Metasploit LLC. It was initially created in 2003 in the Perl programming language, but was later completely re-written in the Ruby Programming Language. Interview with Raffael Martyhakin9 team Raffael Marty is a Chief Security Strategist and Director of Product Management at Splunk. As customer advocate and guardian – he focuses on using his skills in data visualisation, log management, intrusion detection, and compliance. He has built numerous log analysis systems and implemented use-cases for hundreds of customers that deal with log management challenges on a daily basis. Analyzing MalwareJason Carpenter This article is an introduction to analyzing malware. I will take you through the basic steps you need to perform in order to understand what malware is doing to your systems. ENGARDE SECURE LINUXJuan van der Merwe Engarde Secure Linux, out of the box Linux distribution built for what the name says, Secure (security). Engarde Secure Linux does just that for your server with easy to setup user restrictions, trusted hosts, Firewall protection etc via the GDWT (Guardian Digital WebTool). The Art of Black PackagingWayne Ronaldson On this particular Pentest I connected to the client’s wireless connection. After I connected I immediately checked for open shares. Previously I have been lucky and on this particular Pentest luck happened to be on my side. BPMTKDidier Stevens Security issues arise from the fact that a limited user has full control over his own processes on the Windows platform. Security mechanisms implemented in the user's own processes can be bypassed. Defeating AntiVirus SoftwareJim Kelly Penetration testers are frequently called upon to upload netcat to compromised computers to gain a command line.Security professionals work with many tools that AV vendors have labeled “hacker tools.” In the interest of enforcing common corporate policy, AV vendors rigorously quarantine and delete these tools. HTTP TunnelMichael Schratt Most of all companies only provide a very restrictive environment. While Network and Security Adminstrators do their job, securing the enterprise network from intruders, users are trying to compromise perimeter security to get more than is allowed. Surfing the www and googling provides a huge knowledge on how to greak firewalls, proxies, anti-virus appliances and so on. Training – the Security MinefieldCHris Riley Learning something new is a wonderful thing. However, with all the security training on offer right now, how do you know what's right for you? 
Client-side ExploitsAnushree Reddy Client-side exploit are some of the most commonly seen exploits and this is mainly due to the fact that traditional perimeter security (firewalls, router access lists) offer little or no protection against these kinds of exploits. This is due to the fact that clientside exploits target vulnerabilities on the client applications. Auditing Oracle in a Production EnvironmentAditya K Sood Aditya K Sood This paper is based on real penetration testing of Oracle servers on HP-UX systems and the way the auditor has to follow to combat the stringencies that come in a way. We will dissect the errors and the way to bypass them to conduct the tests. VoIPERTerron Williams With VoIP devices finding their way into the majority of major enterprises and a significant number of residential installations, the possible consequences of a security vulnerability that can be leveraged by malicious hackers are ever increasing. Exploitation and Defense of Flash ApplicationsNeil Bergman Adobe’s Flash technology has become increasingly popular not only to create animations and advertisements, but also to develop complex Internet applications. Flash applications (SWF files) are distributed over web protocols and have the potential to read local or remote files, make network connections, and contact other SWF files. How to Deploy Robustness TestingMikko Varpiola Today’s software companies design and test their code using the well-accepted, familiar method of positive testing. Still, all communications software appears to be infested with securitycritical bugs that can be misused to crash the software or to take total control of the device running the software. Codenomicon website (www.codenomicon.com) Cracking LDAP Salted SHA HashesAndres Andreu The article will learn you how LDAP Salted SHA Hashes are structured, how to employ modern day tools to crack LDAP SSHA hashes. The author shows why LDAP SSHA hashes should be treated like clear-text data. Remote and Local File Inclusion ExplainedGordon Johnson The article presents what remote file inclusion and local file inclusion are and how to execute them. Writing IPS Rules – Part 3Matthew Jonkman It is a third part of Matthew's new column series on writing IPS Rules. Self Exposure by Dr. Gary McGrawGary McGraw is CTO of Cigital and an author of many IT Security publications. In this article he tells hakin9 readers about his job, experiences and IT security. One Time Password – New Dimensions in SecurityRajesh Mago After reading this article, you will come to know about the OTP technology applications. The working of OTP systems, software processes and mathematics involved as well as types of OTP technologies are explained. Storming SIP SecuritySandro Gauci The article presents attacks which can be used to compromise Voice over IP systems that make use of the SIP protocol and protocols that rely on it. Methods that are explained in Sandro's paper can be very effective offensive tools for malicious users thus reading it might help to protect against the intrusion. Alternate Data Streams or “Doctor Jekyll and Mr. Hyde” move to NTFSLaic Aurelian This article shows everything you should know about ADS, focusing on its practical use. Programming with Libpcap - Sniffing the network from our own applicationLuis Martin Garcia The article presents what the principles of packet capture are as well as how to capture packets using libpcap. Consumers Test - We help you choose the most reliable firewallPete Herzog Consumers test Firewallsand share their opinions. The goal is to help the readers make a right choice when choosing the software. Analyzing Malicious CodeHardik Shah, The article presents the various techniques and tools used for analyzing malicious code. Includes a tutorial on how to examine the NetSky-P worm. Virtualization and Virtual Machine Software. We help you to choose the best VMDan Kusnetzky Consumers tests on Virtual Machines. Our goal is to help the readers a right decision when choosing a VM. VoIP SecurityLuca Leone, For companies, using VoIP is an easy way for communication between their several branches and for their teleworking employees; many users choose the VoIP to leave behind the traditional telephonic companies and to pay cheaper bills... Data Recovery SoftwareClint P. The choices of data recovery software range from free to thousands of dollars. There are many differences between open source and commercial software, and data recovery is no exception. Cost will be the determining factor for many who are in need of software to recover lost data. A good rule of thumb is to consider what the data is worth to you before you spend money on it. If you lost a bunch of mp3’s or rar’s that can easily be re-downloaded, then open source may be the way to go. Defending the Oracle Database with Advanced Security FeaturesMikoláš Panský The article provides general information on Oracle, teaches a basic hacking Oracle method and basic Oracle defense techniques. Choosing a Router for Home Broadband ConnectionRouterTech.org Support Consumers tests on routers. Our goal is to help the readers to make a right choice when buying, choosing a router. Designing a crypto attack on the Ccrp (bit shuffling) cipherDale Thorn You will get to know some most important things connected with crypto attacks. The author writes about the conventional attacks, about how to host and prepare the crypto attack. Analysing and Mapping Wireless NetworksAndrew Komarov This writing provides some great information on Wi -fi positioning, creating a wardriver's map and running common attacks in the wireless infrastructure. Snort_inline as a solutionPierpaolo Palazzoli, From this article you will learn how Snort_inline works, what are the basics of Intriusion Prevention Systems and how to tune Snort_inline configuration. authors also present the ways to add a dedicated device which is best suited for the environment we want to protect. An interview with Dr. Gary McGrawOur expert on IT security situation, careless private users, vulnerabilieties in the systems and hackers community. Simple Event Correlator for real-time security log monitoringRisto Vaarandi Over the past decade, event correlation has become a prominent event process in technique in many domains. However, existing open-source log monitoring tools don't support it well. We present what correlation is, what was the motivation for its developing and how to employ SEC for monitoring and correlating events from security logs. Cryptography for Mail and DataLars Packschies Should we put our confidencial information in an e-mail and send it around the world? What is the cryptography role in more secure communication? We present how to set up and use keys GnuPG and how encrypt data on the filesystem level. Introduction to XPath Injection techniquesJaime Blasco An XPath Injection attack is one of the latest techniques employing manipulating XPath queries in order to extract information from an XML database. Having read this article you will know, for example, how to employ XPath injection method to bypass safeguards in certain applications. Tested products - security scanners.A new section in hakin9! In this edition we present our readers' opinions on advantages & disadvantages of security scanners. You can find out if the prizes are adequate to the quality, what are the main problems that the users experienced and finally you will see the rating. Firewall leak testingDavid Matousek In this section we present our readers' opinions on advantages & disadvantages of firewalls they have used. You can find out if the prizes are adequate to the quality, what are the main problems that the users experienced and finally you will see the rating. |
 
|
